04-30-2013 04:30 PM - edited 03-10-2019 08:22 PM
I am working on my implementation of ISE and I want to offload real time logs from ISE to MARS. Is this possible and is there anything special that is needed to perform this?
05-01-2013 12:55 PM
ISE can export all the logs you want in syslog format.
Check http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_logging.html#wpxref47217
05-21-2013 02:36 AM
To collect logs externally, you configure external syslog servers, called targets.Logging targets are locations where the system logs are collected. In Cisco ISE, targets refer to the IP addresses of the servers that collect and store logs. You can generate and store logs locally, or you can FTP them to an external server. Cisco ISE has the following default targets, which are dynamically configured in the loopback addresses of the local system:
•LogCollector—Default syslog target for the Log Collector.
•ProfilerRadiusProbe—Default syslog target for the Profiler Radius Probe.
To create an external logging target, complete the following steps:
--------------------------------------------------------------------------------
Step 1 From the ISE Administration Interface, choose Administration > System > Logging > Remote Logging Targets.
The Remote Logging Targets page appears.
Click Add.
Step 2 The Log Collector page appears.
Step 3 Configure the following fields:
a. Name—Enter the name of the new target.
b. Target Type—By default it is set to Syslog. The value of this field cannot be changed.
c. Description— Enter a brief description of the new target.
d. IP Address—Enter the IP address of the destination machine where you want to store the logs.
e. Port—Enter the port number of the destination machine.
f. Facility Code—Choose the syslog facility code to be used for logging. Valid options are Local0 through Local7.
g. Maximum Length— Enter the maximum length of the remote log target messages. Valid options are from 200 to 1024 bytes.
Step 4 Click Save.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide